Secure ASP.NET AJAX Development

Book Description

Many organizations are diving headfirst into AJAX technologies
to make their Web applications richer and more user friendly, but
they often do not realize the security implications of the AJAX
approach. Microsoft's ASP.NET AJAX technologies, commonly known by
the codename "Atlas," and other AJAX frameworks are changing the
way Web applications look and are developed, but Web developers are
often unaware of the security risks they are introducing into their
applications with these emerging technologies.

AJAX fundamentally changes the user experience and server
interaction in Web applications, so developers may be taking
otherwise secure applications and opening up new angles of attack
for hackers. This short cut outlines the increased security risk
inherent with AJAX technologies and addresses how developers can
use Microsoft's ASP.NET AJAX to implement secure AJAX applications.
After discussing Web application security pitfalls that are common
in AJAX development, given its focus on increased client processing
and more frequent access to Web services and databases, the author
focuses on a few key security principles for AJAX
developers--demystifying AJAX security and teaching how to develop
secure AJAX applications using ASP.NET AJAX Extensions. The short
cut concludes with a walkthrough of security testing best practices
that will help effectively uncover security problems in AJAX
applications during development and testing.